/**
 * Copyright (C), 2012-2018, 联奕科技有限公司
 * FileName: RbacServiceIpml
 * Author:   石贵武
 * Date:     2018\4\2 0002 10:56
 * Description:
 * History:
 * <author>          <time>          <version>          <desc>
 * 作者姓名           修改时间           版本号              描述
 */
package com.zdx.security.impl;

import com.zdx.security.RbacService;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.method.P;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.util.AntPathMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.Set;

/**
 * 〈一句话功能简述〉<br>
 * 〈〉
 *
 * @author 石贵武
 * @create 2018\4\2 0002
 * @since 1.0.0
 */
@Service
public class RbacServiceIpml implements RbacService {

    private AntPathMatcher antPathMatcher = new AntPathMatcher();


    @Override
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {

        boolean hasPermission = false;

        Object principal = authentication.getPrincipal();

        if (principal instanceof UserDetails) {

            String username = ((UserDetails) principal).getUsername();

            Set<String> resources = null;//查询数据库

            for (String url : resources) {

                if (antPathMatcher.match(url, request.getRequestURI())) {
                    hasPermission = true;
                    break;
                }

            }
        }
        return hasPermission;


    }
}